 |
|
|
|
Next: Recent install not showing up in program list
|
| Author |
Message |
External
Since: Oct 01, 2006
Posts: 12
|
(Msg. 1) Posted: Sat Oct 27, 2007 4:12 pm
Post subject: svchost
Archived from groups: microsoft>public>windows>vista>general (more info?)
|
|
|
Why are there 14 instances of svchost running on vista home basic?
Periodfically this takes up 100% of cpu (120 gb hard drive and 2 MB ram)/ It
first started with automatic update which I disabled . Then I suspected
Windows Defender and stopped that. Now when I try to manually update windows
the same thing happens. Frustating is not a strong enough word. Is there
anything I can do about this and still be able to update windows.
--
Rose |
|
| Back to top |
|
 | |
External
Since: Jul 29, 2007
Posts: 296
|
(Msg. 2) Posted: Sat Oct 27, 2007 10:53 pm
Post subject: Re: svchost [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
"Rose" <Rose.RemoveThis@discussions.microsoft.com> wrote in message
news:84538A10-9C46-4333-8F73-0AEB9A898C98@microsoft.com...
> Why are there 14 instances of svchost running on vista home basic?
> Periodfically this takes up 100% of cpu (120 gb hard drive and 2 MB ram)/
> It
> first started with automatic update which I disabled . Then I suspected
> Windows Defender and stopped that. Now when I try to manually update
> windows
> the same thing happens. Frustating is not a strong enough word. Is there
> anything I can do about this and still be able to update windows.
Svchost.exe is the messenger for the O/S programs and non O/S programs.
Svchost.exe as part of its name implies host other programs. Svchost does
nothing on its own. It always does the bidding for other programs and only
provides the means for them to do something. Yes, multiple Svchost.exe(s)
can be running.
So, with that said, malware can use Svchost.exe on its behalf too, to
communicate and do things.
You can use something like Process Explorer to see what a given Svchost.exe
is hosting.
In PE, you go to Menu/View/Show Show Lower Pane/Show all Dll(s) and PE will
show everything a Svchost.exe or any program you see running and what that
program is hosting.
You can right-click a line in the upper pane for a running process and go to
Properties, where you'll see all the tabs where can get more information
about a running program. You can right-click in the lower-pane too to see
the properties of a program that is being hosted by a running program in the
upper pane.
You might not have malware running on the machine, but with the proper tools
you should be able to look around and see what is happening.
Note: If Svchost.exe is not running out of the Windows/System32 folder, then
it is a Trojan.
You can use CurrPorts (free) that does the same thing as Active Ports. AP
doesn't run on Vista.
Use the tools in the link and go look for yourself as to what is running on
the machine.
<http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html> |
|
| Back to top |
|
| |
External
Since: Jun 12, 2007
Posts: 35
|
(Msg. 3) Posted: Sun Oct 28, 2007 7:38 am
Post subject: Re: svchost [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Hi Rose,
Download and use Process Explorer to check what service is actually taking
up the resources.
Process Explorer:
http://www.microsoft.com/technet/sysinternals/utilities/processexplorer.mspx
--
Jabez Gan
Microsoft MVP: Windows Server - File Storage
"Rose" <Rose DeleteThis @discussions.microsoft.com> wrote in message
news:84538A10-9C46-4333-8F73-0AEB9A898C98@microsoft.com...
> Why are there 14 instances of svchost running on vista home basic?
> Periodfically this takes up 100% of cpu (120 gb hard drive and 2 MB ram)/
> It
> first started with automatic update which I disabled . Then I suspected
> Windows Defender and stopped that. Now when I try to manually update
> windows
> the same thing happens. Frustating is not a strong enough word. Is there
> anything I can do about this and still be able to update windows.
> --
> Rose |
|
| Back to top |
|
| |
External
Since: Jun 28, 2007
Posts: 508
|
(Msg. 4) Posted: Sun Oct 28, 2007 12:56 pm
Post subject: Re: svchost [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
"Rose" <Rose.RemoveThis@discussions.microsoft.com> wrote...
> Why are there 14 instances of svchost running on vista home basic?
> Periodfically this takes up 100% of cpu (120 gb hard drive and 2 MB ram)/
> It
> first started with automatic update which I disabled . Then I suspected
> Windows Defender and stopped that. Now when I try to manually update
> windows
> the same thing happens. Frustating is not a strong enough word. Is there
> anything I can do about this and still be able to update windows.
Hi Rose,
In addition to Jabez's good reply ... "svchost.exe" is the generic service
container or "hosting" process, in Windows. Many services do not run as
processes in their own right; rather, they are hosted within an instance of
the generic svchost.exe. So, it is normal to see multiple instances of this
process running on a system.
However, it is not normal to have excess CPU utilisation. To see what
services are running in which instances of svchost.ese, go to a command
pormpt and run this command:
C:\>tasklist /svc
This will show you all running processes, along with the service names of
each service running inside each process. If you can match up the Process ID
of the svchost which is using excess CPU,with the services listed by
Tasklist, this will help you identify the particular service using up the
CPU.
Hope it helps,
--
Andrew McLaren
amclar (at) optusnet dot com dot au |
|
| Back to top |
|
| |
External
Since: Oct 01, 2006
Posts: 12
|
(Msg. 5) Posted: Sun Oct 28, 2007 1:36 pm
Post subject: Re: svchost [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Thank you all ,especially Mr. Arnold. With all of this information I should
be able to solve this annoying problem.
--
Rose
"Mr. Arnold" wrote:
>
> "Rose" <Rose RemoveThis @discussions.microsoft.com> wrote in message
> news:84538A10-9C46-4333-8F73-0AEB9A898C98@microsoft.com...
> > Why are there 14 instances of svchost running on vista home basic?
> > Periodfically this takes up 100% of cpu (120 gb hard drive and 2 MB ram)/
> > It
> > first started with automatic update which I disabled . Then I suspected
> > Windows Defender and stopped that. Now when I try to manually update
> > windows
> > the same thing happens. Frustating is not a strong enough word. Is there
> > anything I can do about this and still be able to update windows.
>
> Svchost.exe is the messenger for the O/S programs and non O/S programs.
> Svchost.exe as part of its name implies host other programs. Svchost does
> nothing on its own. It always does the bidding for other programs and only
> provides the means for them to do something. Yes, multiple Svchost.exe(s)
> can be running.
>
> So, with that said, malware can use Svchost.exe on its behalf too, to
> communicate and do things.
>
> You can use something like Process Explorer to see what a given Svchost.exe
> is hosting.
>
> In PE, you go to Menu/View/Show Show Lower Pane/Show all Dll(s) and PE will
> show everything a Svchost.exe or any program you see running and what that
> program is hosting.
>
> You can right-click a line in the upper pane for a running process and go to
> Properties, where you'll see all the tabs where can get more information
> about a running program. You can right-click in the lower-pane too to see
> the properties of a program that is being hosted by a running program in the
> upper pane.
>
> You might not have malware running on the machine, but with the proper tools
> you should be able to look around and see what is happening.
>
> Note: If Svchost.exe is not running out of the Windows/System32 folder, then
> it is a Trojan.
>
> You can use CurrPorts (free) that does the same thing as Active Ports. AP
> doesn't run on Vista.
>
> Use the tools in the link and go look for yourself as to what is running on
> the machine.
>
> <http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>
>
> |
|
| Back to top |
|
| |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Search
Profile
Private Messages
Log in
Windows